Skip to content
Layeron Doc

Gateway

Gateway is the public entry point for every Layeron backend environment. It is created automatically for each backend app. You do not add it with app.use.

Gateway owns ingress behavior that every backend app needs:

  • Hono route matching for app routes, middleware, and module ingress.
  • Host and base path matching from the backend endpoint.
  • Automatic OPTIONS handling for declared paths.
  • HEAD handling for explicit HEAD routes and GET route compatibility.
  • CORS response headers and preflight responses.
  • Default route auth policy for routes that omit auth.
  • Request id and trace header propagation.
  • Normalized runtime errors for missing routes, unsupported methods, and handler failures.
  • Gateway product logs under the reserved layeron/gateway stream identity.

How It Fits

Section titled “How It Fits”

Gateway stays inside the Layeron pipeline. User configuration is stored in AppSpec.metadata.gateway, lowered into RuntimeTopology.gateway.policy, and executed by the runtime Gateway.

Terminal window
backend({ gateway })
  -> AppSpec.metadata.gateway
  -> RuntimeTopology.gateway.policy
  -> LayeronGateway
  -> Hono route engine

Gateway owns public ingress concerns. Capability behavior still belongs to route handlers and product modules.

What Gateway Handles

Section titled “What Gateway Handles”

Gateway centralizes cross-route behavior that would otherwise be repeated in each handler:

  • Route matching and method discovery.
  • Browser CORS policy.
  • Route auth policy dispatch for public, user, service, and admin.
  • Request identity headers.
  • Trace propagation.
  • Normalized error responses.
  • Product-level Gateway logs.

Route-level Captcha, webhook verification, and other capability-specific checks are declared on their respective route or module surfaces.

Next Steps

Section titled “Next Steps”
  • Get started: Configure Gateway auth policy, CORS, request identity, trace headers, and Gateway logs.
  • Runtime behavior: Review routing, auth policy, CORS, errors, logs, boundaries, and security notes.
  • Backend routes: Define public routes and route-level behavior in your backend app.
  • API reference: Review Gateway config, CORS, logging, backend options, and app methods.